[Samba] Multi office samba domains

[Asier Baranguán]

Hi all!

I've a computer acting as a PDC in a network with Samba+OpenLDAP working fairly well ina 
Debian Sarge for several months (Samba servers, XP cients). It's working so well that my 
company wants to deploy this system to all the offices (five offices physically separated).

Each office has it's own peculiarities so each one has to have it's own domain with shares 
and so on. But there some users with special requirements:

+ Normal users only access to their local domain resources

+ Users from marketing and sales dpt. travel across all the offices and it would be great 
allow this users to login in all the offices with the _same_ user account and access to 
shares, printers, etc.

+ Some special users are willing must be allowed to access remotely -via VPN link- to 
other office shares

+ And "admin" users be able to access to all office shares

Inter-office communication will be done with some VPN so in theory I can have one main 
LDAP server with all the users, groups, computers and domains and replicate them.

In other words: share all the users and groups between offices but with several domains 
and access policies.

Can this be done -almost partially-? perhaps with domain trust relationships?

Thanks!